|
Rank: AiutAmico
Member since: 1/8/2010 Posts: 38
|
Malwarebytes' Anti-Malware 1.44
Database version: 3515
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/01/2010 13.51.31
mbam-log-2010-01-11 (13-51-31).txt

Scan type: Full Scan (A:\|C:\|D:\|F:\|)
Objects scanned: 142812
Time elapsed: 43 minute(s), 40 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 4
Files Infected: 7

Memory Processes Infected:
C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> Not selected for removal.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Delete on reboot.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Delete on reboot.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Delete on reboot.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\richtx64.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twext.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\EMANUELA\Dati applicazioni\twain_32 (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Not selected for removal.
C:\Documents and Settings\All Users\Dati applicazioni\Zwunzi (Adware.Zwunzi) -> Delete on reboot.
C:\Programmi\Zwunzi (Adware.Zwunzi) -> Delete on reboot.

Files Infected:
C:\Driver\Crypt.dll (Hacktool) -> Delete on reboot.
C:\Documents and Settings\EMANUELA\Dati applicazioni\twain_32\user.ds (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Not selected for removal.
C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Not selected for removal.
C:\Documents and Settings\All Users\Dati applicazioni\Zwunzi\zwunzi120.exe (Adware.Zwunzi) -> Delete on reboot.
C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> Not selected for removal.
C:\Documents and Settings\EMANUELA\Impostazioni locali\Temp\H8SRTfac9.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
|
Rank: AiutAmico
Member since: 12/12/2009 Posts: 2,114
|
There was no need to open another topic..
|
|
Rank: AiutAmico
Member since: 1/8/2010 Posts: 38
|
Too late now... what do I do about the deleted system items?
|
|
Rank: AiutAmico
Member since: 4/5/2005 Posts: 22,971
|
fdaccc wrote: There was no need to open another topic..
Oh well, it's all the same: a minor mistake... We're among friends. You'll see that next time they'll post the 2 logs together. Nobody is "born knowing it all": gaining experience is what helps us.
|
|
Rank: AiutAmico
Member since: 12/12/2009 Posts: 2,114
|
Who told you to delete them?
|
|
Rank: AiutAmico
Member since: 8/7/2007 Posts: 11,016
|
Don't open any more topics. I gave you the instructions in the other topic. Let's continue in the other topic.
|
|
Rank: AiutAmico
Member since: 12/12/2009 Posts: 2,114
|
See? =)
|
|